
Teaser Brucon 2013 Hacking PDF Training

Published in: Technology

  1. Hacking PDF Training. Brucon 2013, Gent. didier@DidierStevensLabs.com
  2. Didier Stevens. Renowned Malicious PDF Expert. Author Of Popular Free PDF Tools. 30+ Years Of Hacking.
  3. 2 Days Training. Day 1: PDF Language & Analysis. Day 2: PDF Creation.
  4. Day 1: PDF Language Intro
  5. Example of PDF Language Intro: String obfuscation
     /JS (app.alert({cMsg: 'Hello from PDF JavaScript'});)
     /JS <61 70 70 2E 61 6C 65 72 74 28 7B 63 4D 73 67 3A 20 27 48 65 6C 6C 6F 20 66 72 6F 6D 20 50 44 46 20 4A 61 76 61 53 63 72 69 70 74 27 7D 29 3B>
  6. Day 1: Simple Analysis Exercises. 20 simple exercises with benign PDFs*. Understanding malicious PDFs. Getting familiar with PDF analysis tools: pdfid, pdf-parser, … *You also get my screencasts for these simple exercises.
  7. Day 1: Simple Analysis Exercises. Example: extracting payload from PDF
     pdf-parser.py -s /EmbeddedFile ex013.pdf
     pdf-parser.py -o 8 -f -d file.exe ex013.pdf
  8. Day 1: Complex Analysis Exercises. The Real Deal: analyzing “in the wild” PDF malware. 5+ exercises.
  9. Day 1: Complex Analysis Exercises. Example: 3-The Obama Administration and the Middle East.pdf.zip. Learn to find the exploit, extract the shellcode and analyze it with shellcode simulator.
  10. Day 2: PDF Creation. A full day learning how to create PDFs “For Fun and Profit” with Python tools.
  11. Day 2: PDF Creation. You receive my Private PDF Creation Tools.
  12. Day 2: PDF Creation. Receive private mPDF module + documentation. Create New PDFs. Modify Existing PDFs. All from Python, no Adobe products required.
  13. Day 2: PDF Creation. Receive many private PDF creation & modification tools. Example: t-modify-pdf-incremental-update.py. Learn to modify Mandiant_APT1_Report.pdf.
  14. Day 2: PDF Creation. Example: PDF fuzzer to find vulnerabilities in PDF readers. Smart Fuzzing of JPEG embedded in PDF.
  15. Creation Exercises. Learn how to use my private shellcode for PDFs.
  16. Day 2: PDF Creation. Learn how to bypass AV and IDS detection with PDF obfuscation.
  17. Day 2: PDF Creation. Learn the internal details of my /Launch exploit and use the automated creation tool.
  18. Summary. Learn how to analyze and create PDFs in 2 days from a malicious PDF expert. Receive many of my private, unreleased tools. No need to be a Python expert, just have basic skills to modify a Python script. No shellcode skills needed.
  19. Questions? Contact me: didier@DidierStevensLabs.com, @DidierStevens
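
The string obfuscation on slide 5, as an added example that is not part of the slides or of Didier Stevens' tools: a normaliser that decodes both PDF string notations (literal and hexadecimal) to the same bytes, so that a content rule is matched on the decoded value rather than on the raw file. All function names here are assumptions made for the illustration.

```python
import re

# The two /JS values from slide 5, re-typed here as sample input.
LITERAL = b"(app.alert({cMsg: 'Hello from PDF JavaScript'});)"
HEXFORM = (b"<61 70 70 2E 61 6C 65 72 74 28 7B 63 4D 73 67 3A 20 27 48 65 6C 6C 6F "
           b"20 66 72 6F 6D 20 50 44 46 20 4A 61 76 61 53 63 72 69 70 74 27 7D 29 3B>")

ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}

def decode_hex_string(token: bytes) -> bytes:
    """<...>: whitespace is ignored; an odd final digit is padded with 0."""
    digits = re.sub(rb"\s+", b"", token[1:-1])
    if re.search(rb"[^0-9A-Fa-f]", digits):
        raise ValueError("non-hex character in hex string")
    if len(digits) % 2:
        digits += b"0"
    return bytes.fromhex(digits.decode("ascii"))

def decode_literal_string(token: bytes) -> bytes:
    """(...): resolves backslash escapes, octal codes and line continuations."""
    body, out, i = token[1:-1], bytearray(), 0
    while i < len(body):
        if body[i:i + 1] != b"\\":
            out += body[i:i + 1]
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        octal = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
        if octal:                                   # \ddd, high bits dropped
            out.append(int(octal.group(), 8) & 0xFF)
            i += 1 + len(octal.group())
        elif nxt in (b"\r", b"\n"):                 # backslash + EOL joins lines
            i += 3 if body[i + 1:i + 3] == b"\r\n" else 2
        else:                                       # \n \( \) \\ or unknown escape
            out += ESCAPES.get(nxt, nxt)
            i += 2
    return bytes(out)

def normalize_pdf_string(token: bytes) -> bytes:
    """Return the decoded bytes of one PDF string object, whichever notation it uses."""
    token = token.strip()
    if token.startswith(b"<") and not token.startswith(b"<<") and token.endswith(b">"):
        return decode_hex_string(token)
    if token.startswith(b"(") and token.endswith(b")"):
        return decode_literal_string(token)
    raise ValueError("not a PDF string object")

def contains_js_call(token: bytes, needle: bytes = b"app.alert") -> bool:
    """Match a content rule on the decoded value instead of the raw file bytes."""
    return needle in normalize_pdf_string(token)
```

A byte search for `app.alert` over the raw hex form finds nothing, while the same search after normalisation matches both notations.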
